Monday

21st May 2018

Restaurants and hotels worried by EU data bill

  • Small business such as hotels oppose the European Parliament's draft data bill (Photo: Biblioteca de Arte / Art Library Fundação Calouste Gulbenkian)

Small businesses such as bed and breakfasts or cafes will have to hire a data protection officer (DPO) under new rules currently being fine-tuned by the European Parliament.

The parliament says any business that has 500 or more clients a year will require a data protection office to make sure data is secured and laws are being followed.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

But small and medium-sized businesses (SMEs) say this is an unwelcome additional expense in an economy where many are struggling.

The European Commission in its impact assessment report estimates that an SME would have to pay around €1,000 extra each year to have someone ensure protocol is met.

The commission had proposed exempting businesses with fewer than 250 employees from having to hire a DPO, but parliament scrapped the exemption and introduced the 500 clients threshold.

“The commission made an exception for SMEs and they had a reason for that,” said Marta Machado, a policy advisor at the Brussels-based Hortrec, an umbrella organisation for hotels, restaurants, and cafes in Europe.

An average SME in Europe has less than 16 employees. Many others have only one person.

German Green Jan Philipp Albrecht, the lead negotiator on the file at the European Parliament, amended the commission’s draft to include any business with at least 500 or more clients or "data subjects."

A data subject is anyone who has their data processed. Reservation dates, names, addresses and credit card details are among the data a hotel uses to process information on its clients.

Keeping those details in check and making sure they are properly secured is among the tasks of a DPO.

But Dora Szentpaly-Kleis, a legal advisor at the Brussels-based European Association of craft, small and medium-sized enterprises (Ueampe), told this website: “Our problem is not that he [Albrecht] changed the approach because it might make sense to link the number to the data subject but we have the impression that the 500 is a very low number.”

“How did they assess this number because there was no interaction on this issue between the rapporteur and us,” says Szentpaly-Kleis.

A parliamentary source familiar with the file said the number "was open to negotiation."

Germany only member state with data protection officers

Germany is the only member state that currently requires a DPO.

For almost 30 years, any company with at least five employees had to hire an outside consultant to review how personal data was handled. The employee threshold was raised to 10 in 2006 after a legislative reform on data protection.

Werner Hulsmann, a Bonn-based data protection officer who has been working as a freelance DPO since 2004, agrees there are some costs to small businesses but risk of a data breach or violation decreases.

The German experience is varied according to company type, size and whether or not it has locations in other countries.

A 2012 survey by the Bonn-based consultancy firm 2B Advice GmbH found that businesses with up to 50 employees spend just over €1,000 per year on a DPO. Cost increases to over €660,000 for companies with more than 50,000 employees.

The survey assessed 375 German companies, including 90 multinationals.

It noted that a large percentage of data violations come from simple negligence like leaving documents in a printer. Unsecured and unencrypted IT was another weakness. The unlawful processing of personal data was less frequently cited as a violation.

The survey also found that over 38 percent of all in-company data privacy officers do not feel sufficiently well informed well informed about data privacy violations within the company.

“It doesn’t matter how many people or employees work on personal data, they have to accept and follow the rules of data protection,” says Hulsmann.

Focus

The Acta debate - will innovation be stifled?

Opponents of Acta, the controversial anti-counterfeiting treaty up for vote in the European Parliament in July, say, among other things, that it would stifle innovation. Advocates say the exact opposite.

Commission 'playing tricks' with EU budget figures

The EU parliament's budget rapporteur complained the Commission is using numbers with a "desire to confuse". According to parliament estimates, the cohesion fund could suffer as much as a 45 percent cut.

Analysis

Hogan's carrot: reform to soften CAP cuts

The European Commission is dangling the prospect to farmers of being able to dodge financial cuts in the upcoming EU budget – but only if national governments agree to a mandatory redistribution of subsidies.

Analysis

EU has no 'magic bullet' against US Iran sanctions

EU leaders in Sofia will discuss how they can protect the bloc's economic interests against US threats to sanction companies doing business in Iran. But their options are limited.

Opinion

EU budget must not fortify Europe at expense of peace

Given the European Commission new budget's heavy focus on migration, border management and security, many are asking whether the proposal will fortify Europe at the expense of its peace commitments.

News in Brief

  1. Trump warns Nato allies' low budgets will be 'dealt with'
  2. Only Estonia, Greece and UK hit Nato spending target
  3. EU to start process to counter US Iran sanctions
  4. Macedonia PM sees 'possible solutions' in Greek name row
  5. EU takes six countries to court over air pollution
  6. New Catalan leader sworn in without reference to Spain
  7. Merkel and Putin revive dialogue in troubled times
  8. European companies putting Iran business on hold

Stakeholders' Highlights

  1. Nordic Council of MinistersOECD Report: Gender Equality Boosts GDP Growth in Nordic Region
  2. Centre Maurits Coppieters“Peace and reconciliation is a process that takes decades” Dr. Anthony Soares on #Brexit and Northern Ireland
  3. Mission of China to the EUMEPs Positive on China’s New Measures of Opening Up
  4. Macedonian Human Rights MovementOld White Men are Destroying Macedonia by Romanticizing Greece
  5. Counter BalanceControversial EIB-Backed Project Under Fire at European Parliament
  6. Nordic Council of MinistersIncome Inequality Increasing in Nordic Countries
  7. European Jewish CongressEU Leaders to Cease Contact with Mahmoud Abbas Until He Apologizes for Antisemitic Comments
  8. International Partnership for Human RightsAnnual Report celebrates organization’s tenth anniversary
  9. Nordic Council of MinistersNordic Cooperation Needed on Green Exports and Funding
  10. Mission of China to the EUPremier Li Confirms China Will Continue to Open Up
  11. European Jewish CongressCalls on Brussels University to Revoke Decision to Honour Ken Loach
  12. Sustainable Energy Week 2018"Lead the Clean Energy Transition"- Register and Join Us in Brussels from 5 to 7 May

Latest News

  1. Zuckerberg and Trump top the EU's agenda This WEEK
  2. Integration of Syrian refugees in Europe needs scrutiny
  3. Bulgarian PM: No asylum reform without stronger border
  4. Eight countries to miss EU data protection deadline
  5. Italian populists to defy EU debt rules
  6. Commission 'playing tricks' with EU budget figures
  7. How France escaped EU legal action over chemical ban
  8. 'Connectivity' trumps enlargement at Balkans summit

Stakeholders' Highlights

  1. EU Green Week 2018Green Cities for a Greener Future. Join the Debate in Brussels from 22 to 24 May
  2. Nordic Council of Ministers12 Recommendations for Nordic Leadership on Climate and Environment
  3. Macedonian Human Rights MovementOxford Professor Calls for an End to the Anti-Macedonian Name Negotiations
  4. ACCAPeople Who Speak-Up Should Feel Safe to Do So
  5. Mission of China to the EUProgress on China-EU Cooperation
  6. Nordic Council of MinistersWorld's Energy Ministers to Meet in Oresund in May to Discuss Green Energy
  7. ILGA EuropeParabéns! Portugal Votes to Respect the Rights of Trans and Intersex People
  8. Mission of China to the EUJobs, Energy, Steel: Government Work Report Sets China's Targets
  9. European Jewish CongressKantor Center Annual Report on Antisemitism Worldwide - The Year the Mask Came Off
  10. UNICEFCalls for the Protection of Children in the Gaza Strip
  11. Mission of China to the EUForeign Minister Wang Yi Highlights Importance of China-EU Relations
  12. Nordic Council of MinistersImmigration and Integration in the Nordic Region - Getting the Facts Straight